CVE-2024-40711

CRITICAL KEV RANSOMWARE NUCLEI

Veeam Backup & Replication 12.0.0.1420 through 12.2.0.334 - Deserialization RCE

Title source: llm

Description

A deserialization of untrusted data vulnerability allows an unauthenticated attacker to achieve remote code execution (RCE) by sending a malicious payload.

Exploits (2)

nomisec WORKING POC 55 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/CVE-2024-40711
nomisec WORKING POC 42 stars
by realstatus · poc
https://github.com/realstatus/CVE-2024-40711-Exp

Nuclei Templates (1)

Veeam Backup & Replication - Unauthenticated
CRITICAL VERIFIED by rootxharsh, iamnoooob, DhiyaneshDK
Shodan: html:"Veeam Backup"

Scores

CVSS v3 9.8
EPSS 0.7046
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2024-10-17
VulnCheck KEV 2024-04-23
InTheWild.io 2024-10-17
ENISA EUVD EUVD-2024-38578
Ransomware Use Confirmed

Classification

CWE
CWE-502
Status published

Affected Products (1)

veeam/veeam_backup_\&_replication < 12.2.0.334

Timeline

Published Sep 07, 2024
KEV Added Oct 17, 2024
Tracked Since Feb 18, 2026